Enable Node.js Permission Model

The Node.js runtime has a built-in permission model that lets you restrict a process's access to certain system resources, which limits the blast radius if the application is compromised.

Supported Resources for Node.js Permissions Model

The following resources are supported by the Node.js permissions model:

  • File system access - via the --allow-fs-read and --allow-fs-write flags.
  • Child process access - via the --allow-child-process flag.
  • Worker threads access - via the --allow-worker flag.
  • Native add-ons access - via the --allow-addons flag.
  • WASI modules access - via the --allow-wasi flag.

Node.js Permissions Model Example

In practice, here’s how you’d enable the permission model in a package.json start script (the --permission flag turns enforcement on, and --allow-fs-read=* grants read access to the whole file system):

{
  "scripts": {
    "start": "node --permission --allow-fs-read=* server.js"
  }
}

With that flag in place, server.js is allowed to read the file system. Without it, as in the dev script below, which runs with --permission and loads the .env dotenv file via --env-file but grants no read access, the first file system read is denied (here, loading server.js itself) and Node.js throws:

$ npm run dev
> enable-nodejs-permissions-model@1.0.0 dev
> node --permission --env-file=.env server.js
node:fs:443
return binding.readFileUtf8(path, stringToFlags(options.flag));
^
Error: Access to this API has been restricted
at Object.readFileSync (node:fs:443:20)
at defaultLoadImpl (node:internal/modules/cjs/loader:1128:17)
at loadSource (node:internal/modules/cjs/loader:1767:20)
at Object..js (node:internal/modules/cjs/loader:1899:44)
at Module.load (node:internal/modules/cjs/loader:1474:32)
at Function._load (node:internal/modules/cjs/loader:1286:12)
at TracingChannel.traceSync (node:diagnostics_channel:322:14)
at wrapModuleLoad (node:internal/modules/cjs/loader:234:24)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:151:5)
at node:internal/main/run_main_module:33:47 {
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: '/workspaces/nodejs-runtime-security/enable-nodejs-permissions-model/server.js'
}
Node.js v23.5.0

Benefits of Node.js Permission Model

The benefits of enabling the Node.js permission model include:

  • Low-privilege access to system resources - The principle of least privilege is a widely adopted security practice: grant the application only the permissions and capabilities it actually needs, which reduces the attack surface.

  • Supply chain security defense - The permissions model can be used to restrict access to system resources, such as child processes, sensitive file system reads and writes, and other resources that could be abused by malicious actors.